Making Privacy & Security First Class Citizens in Programming

This workshop is a part of SPLASH 2014 and seeks to embed privacy and security into all aspects of programming and programming languages (and by extension, all aspects of software and software engineering).

Motivation

The development of secure software requires the specification and communication of functional and nonfunctional security and privacy requirements, the utilization of secure and privacy-preserving programming language constructs and the application of secure and privacy-preserving coding best practices. Currently, firms focused on developing code that is both secure and privacy-preserving will employ at most two of these techniques. Unfortunately, this leads to software with the appearance of being safe (i.e. secure and privacy-preserving code), but that offers very little real protection. You can have a secure design, but if there are no supporting language constructs then the systems won’t be safe. If the programmer does not know the secure coding principles and is unaware of privacy engineering methodology, then the resulting software will not be safe. Additionally, privacy engineering is a relatively new area and researchers are trying to determine how to characterize privacy requirements. The specification of these requirements is an inter-disciplinary undertaking; involving experts in law, business, and computer science.By getting experts in security, privacy, requirements engineering, programming languages, formal methods, privacy engineering and secure coding into the same space, it is hoped that the community can bridge the gap between the design and the implementation of safe code. This workshop seeks to enable the development of safe software systems by getting the people of these currently isolated fields to start talking, working together and addressing this very difficult issue.